b'                                                                                                                       G   P   O   \xe2\x80\x99   S\n\n\n\n                                                                 Ask The CIO\n\n\n\n\nWASh GPO\xe2\x80\x99s Chief Information Officer\n\n\n\n\nure that digital documents remain accessible to the public as formats\nchange?\n es over time exposes a number of challenges \xe2\x80\x94 particularly finding a way to\n                                                                                              G P O \xe2\x80\x99s F e d e r a\n dia and converting files to make them usable in today\xe2\x80\x99s and future applications.\nobably eternal \xe2\x80\x94 challenge is the rapidly evolving and changing world of\n                                                                                                 New system will make\n ats.\ncesses come in three forms: refresh, migration, and emulation. Refresh is the                    As a GPO customer, you interact with u\n ding a file, verifying that it is still readable and then re-writing it. Migration is           n\t Creating   digital documents for GPO\nd formats to a new format \xe2\x80\x94 for example, moving Office 2003 documents to\n                                                                                                 n\t Tracking   those documents through\non is a bit more abstract \xe2\x80\x94 creating an operating environment similar to the\n                                                                                                 n\t Providing   public access to many of\n ted when the file was created. An example of this would be emulating an early\nating environment to read WordStar documents.                                                    Currently, you use a variety of methods\nuse a mix of these methods depending on the file type and circumstances.                         jobs and find the information you need.\nn will probably be used most often. \xe2\x80\xa2\n\n\n                                                                                                 What is FDsys?\n                                                                                                 FDsys is an advanced digital content m\n                                                                                                 system that will enable GPO to manage\n                                                                                                 Government documents. Some of the m\n                                 Mike Wash Chief Information Officer                             functions include:\n                                 Scott Stovall Director of Programs and Technology\n                                                                                                 n\t Publishingdocuments \xe2\x80\x94 The U.S. C\n                                    Brenda Washington Administrative Support\n                                                                                                   and other agencies will be able to s\n                                 Communications\n                                    Carrie Gibb Program Communications\n                                                                                                   and orders electronically to GPO for\n                                    Moira Shea Program Communications                              electronic distribution, and inclusion\n                                 Technology\n                                                                                                   Federal Depository Library Program\n                                    Deng Wu Lead Innovation Specialist                           n\t Searching    for information \xe2\x80\x94 Federa\n                          United George\n                                  StatesBarnum\n                                          Government        Printing\n                                               Content System Manager Office | Office of Inspector General\n                                                                                                information will reach a wider audie\n\n\n                          Semiannual Report\n                                 Kirk Knoll PMO Associate Director                                 providing authentic, published Gove\n                                    Matt Landgraf Lead Program Planner\n                                                                                                   information to the public;\n                                    Adam Schwartz Program Planner\n\n\n\n                          to Congress\n                                    Magan Mohrmann Program Planner                               n\t Preserving information \xe2\x80\x94 The prese\n                                 Gil Baldwin PMO Associate Director                                function of FDsys will ensure public\n                                     Kate Zwaard Program Planner                                   information even as technology cha\n                                     Elizabeth Pruszko Program Planner\n                          April 1, 2008 through September 30, 2008\n                                 Selene Dalecky PMO Associate Director\n                                    Lisa LaPlant Lead Program Planner\n                                    Kirk Petri Program Planner\n                                    Blake Edwards Program Planner\n\n                                 Contact Information pmo@gpo.gov\n                                 http://www.gpo.gov/projects/fdsys.htm\n                                 202.512.1080\n\x0cThe U.S. Government Printing Office                             The Office of Inspector General\n\nFor well over a century, the U.S. Government Printing           The Office of Inspector General (OIG) was created by the\nOffice (GPO) has been fulfilling the needs of the Federal       GPO Inspector General Act of 1988\xe2\x80\x94Title II of Public Law\nGovernment for information products and distributing those      100-504 (October 18, 1988) (GPO IG Act). The GPO OIG\nproducts to the public. GPO is the Federal Government\xe2\x80\x99s         provides leadership and coordination as well as evaluates\nprimary resource for gathering, cataloging, producing,          GPO\xe2\x80\x99s internal control structure. It recommends policies,\nproviding, authenticating, and preserving published U.S.        processes, and procedures that help prevent and detect\nGovernment information in all its forms. GPO also produces      fraud, waste, abuse, and mismanagement. The OIG also\nand distributes information products and services for each      recommends policies that promote economy, efficiency,\nof the three branches of Government.                            and effectiveness in GPO programs and operations. It\n     Under the Federal Depository Library Program, GPO          is dedicated to acting as an agent of positive change\xe2\x80\x94\ndistributes a wide range of Government publications in print    changes that will help GPO improve its efficiency and\nand online to more than 1,250 public, academic, law, and        effectiveness as the Agency undertakes an era of unprec-\nother libraries across the country. In addition to distribut-   edented transformation.\ning publications through that library system, GPO provides           The OIG informs the Public Printer and Congress\naccess to official Federal Government information through       about problems and deficiencies as well as any positive\npublic sales and other programs, and\xe2\x80\x94most prominently\xe2\x80\x94          developments relating to GPO\xe2\x80\x99s administration and oper-\nby posting more than a quarter of a million titles online       ation. To accomplish these responsibilities, the OIG con-\nthrough GPO Access (www.gpoaccess.gov).                         ducts audits, assessments, investigations, inspections,\n     Today about half of all Federal Government documents       and other reviews.\nbegin as digital products and are published directly to the\nInternet. Such an evolution of creating and disseminat-\ning information challenges GPO, but it has met those chal-\nlenges by transforming itself from primarily a print format\nentity to an agency ready, willing, and able to deliver from\na digital platform a high volume of information to a multi-\ntude of customers.\n     Although a transition to digital technology changes\nthe way products and services are created and offered,\nGPO strives to continually satisfy the requirements of\nGovernment and accomplish its mission of Keeping\nAmerica Informed.\n\n\n\n\n     The OIG is dedicated to acting as an agent of positive\n     change\xe2\x80\x94changes that will help GPO improve its efficiency\n     and effectiveness as it undertakes its era of unprecedented\n     transformation.\n\x0cContents\n\nMessage from the Inspector General .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 3\n\nHighlights of this Semiannual Report .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 4\n\nOIG Management Initiatives . .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 4\n\nExecutive Council on Integrity and Efficiency .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 5\n\nReview of Legislation and Regulations .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 5\n\nGPO Management Challenges .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 7\n\nOffice of Audits and Inspections .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 13\n            A.Summary of Audit and Inspection Activity  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 13\n            B. TeamMate Audit Software Implementation .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 13\n            C. External Peer Review  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 13\n            D. Future Digital System (FDSys)\xe2\x80\x94Independent Verification and Validation .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 13\n            E. Oracle Release 2 \xe2\x80\x93 Independent Verification and Validation .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 14\n            F. Financial Statement Audit Activity .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 15\n            G. Audit and Inspection Reports  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 15\n            H. Status of Open Recommendations . .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 19\n\nOffice of Investigations .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 25\n            A. Summary of Investigative Activity .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 25\n            B. Types of Cases .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 25\n            C. Status of Action on Referrals . .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 25\n            D. Investigative Accomplishments .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 26\n            E. Work-In-Progress .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 26\n\nAppendices\n            A. Glossary and Acronyms .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 28\xe2\x80\x9329\n            B. Inspector General Act Reporting Requirements .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 30\n            C. Statistical Tables\n                         Table C-1: Audit Reports With Questioned and Unsupported Costs . .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 31\n                         Table C-2: Audit Reports With Recommendations for\n                                                    Funds That Can Be Put to Better Use .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 32\n                         Table C-3: List of Audit and Inspection Reports Issued During\n                                                    Reporting Period  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 33\n                         Table C-4: Investigations Case Summary .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 34\n                         Table C-5: Investigations Productivity Summary . .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 36\n\n\n\n\n                                                                                                      Office of Inspector General\n                                                                                                                                                  1\n\x0c\x0cMessage from the Inspector General\n\n\n\n\n                            T\n                                     his Semiannual Report to Congress marks a milestone in the Office of Inspector\n                                     General at the GPO. Twenty years ago, the President signed Public Law 100-504,\n                                     which included the Government Printing Office Inspector General Act of 1988,\n                              thereby establishing a statutory Office of Inspector General at GPO. While the Inspector\n                              General Act of 1978 set the ground work for Offices of Inspectors General in Executive\n                              Branch agencies, the GPO Inspector General Act established the first statutory Inspector\n                              General within the Legislative Branch. It would not be until 2005 before the GPO OIG\n                              was joined by another statutory Legislative Branch Inspector General at the Library of\n                              Congress. And since then, Congress has added the U.S. Capitol Police, Architect of the\n                              Capitol, and the Government Accountability Office.\n      During the past twenty years, the GPO OIG has undergone significant change. At one time the GPO OIG had a\nstaff of more than 50, with an audit group dedicated to financial and compliance work and an investigative unit that\ndealt primarily with employee misconduct and contractor issues. As the size of the Agency was reduced, so too has\nthe number of staff in the OIG. Today, while less than half the size of its peak, the responsibilities of the OIG have\ngrown dramatically. The Agency\xe2\x80\x99s unprecedented transformation to digital information processing and high-tech\nsecurity printing has brought to the OIG new and complex challenges that are met by dedicated auditors, inspectors,\nand criminal investigators.\n      The complexity of the work is borne out in this semiannual report. Our Office of Audits and Inspections is respon-\nsible for the oversight of several contractors facilitating robust independent verification and validation (IV&V) of two\nsignificant GPO programs \xe2\x80\x93 the implementation of the Future Digital System (FDsys) and transition of legacy systems\nto Oracle integrated business solutions. These IV&V efforts have helped identify risks and vulnerabilities to these pro-\ngrams so that if corrected, GPO may be assured of greater chance of success upon deployment. The emphasis on infor-\nmation technology and security will continue to evolve as do the inherent risks and vulnerabilities of the IT systems at\nGPO. To that end, we continued to address efforts to protect the e-Passport Production system, as well as assess GPO\xe2\x80\x99s\nPublic Key Infrastructure and GPO\xe2\x80\x99s transition planning for Internet Protocol Version 6. Such reviews were beyond\ncomprehension when the OIG was contemplated twenty years ago.\n      The Office of Investigations is also in the midst of upgrading its operations as we move into our 21st year. With the\nrecent addition of a new Assistant Inspector General for Investigations, planning is underway to develop more complex\ncontract and procurement fraud cases as well as continue to address matters in technology related crimes, workers\xe2\x80\x99\ncompensation fraud, and employee misconduct. And while the advance of technology has changed how the agency\ndoes business and the types of criminal and administrative matters our office will confront, there are still those who\nlive in the past and have failed to embrace fundamental tenets of respect and consideration to fellow employees. During\nthis reporting period, an investigation by the OI resulted in the indictments of three GPO employees for the physical\nabuse of a vulnerable employee. While twenty years ago such activity might have been dismissed as horseplay, in a 21st\ncentury workforce such behavior cannot be tolerated. I applaud the vigorous investigation by our OI which resulted in\nthese indictments.\n      While we reflect upon our progress over the past twenty years, I am encouraged by the strength of character and\ncommitment of the OIG to look forward to the future and meet the needs of the OIG with a renewed sense of vitality.\n\n\n\n\n                                                                       J. Anthony Ogden\n                                                                       INSPECTOR GENERAL\n                                                                       U.S. Government Printing Office\n\n\n                                          Office of Inspector General\n                                                            3\n\x0cHighlights of this                                                 this reporting period, OALC reviewed several audit and\nSemiannual Report                                                  investigative reports, assisted OI with several matters that\n                                                                   the Department of Justice accepted for civil and crimi-\nDuring this reporting period, the OIG continued direct-            nal prosecution, and oversaw OI operations for 3 months\ning its resources toward those areas of greatest risk within       during the absence of an Assistant Inspector General for\nGPO. We provided a variety of services, including program          Investigations.\nand financial audits, inspections and assessments of key                In addition, OALC provided legal advice to the U.S.\noperations, and investigative activity resulting in criminal       Capitol Police Inspector General in a variety of matters\nor administrative actions. We also consulted on a variety          and reviewed and provided comments to an Agency\nof Agency issues and provided comments on proposed                 Directive on Workers\xe2\x80\x99 Compensation. OALC also acted on\nlegislation and regulations. The work of each of the OIG           a variety of matters as the OIG liaison to the GPO General\ncomponents is summarized below.                                    Counsel, including support with GPO litigation matters,\n      The Office of Audits and Inspections (OAI) issued 7          and the GPO Office of the Chief of Staff. Finally, OALC\nreports with a total of 16 recommendations for improving           participated in the Council of Counsels to the Inspector\nGPO operations, including strengthening internal controls          General (CCIG). In that role, OALC led a task force for\nthroughout the Agency, and continued working with man-             developing language for new GPO- produced, secure cre-\nagement to close recommendations from earlier reporting            dentials for OIGs throughout the Federal Government.\nperiods. OAI continued its IV&V work on FDsys and Oracle           OALC also coordinated development, with the GPO Web\nE-Business Suite implementation and completed an audit             Development and Creative Services Division, of an infor-\nof diversity management programs at GPO in response to             mational Web site for the CCIG.\na congressional request. OAI also completed a follow-up\naudit of centrally charged travel expenditures that resulted       OIG Management Initiatives\nin identifying approximately $8,495 in erroneous payments\nand performed a security audit of the databases that sup-          Personnel Update\nport the Passport production systems. Finally, OAI com-            During this period, several changes occurred in OI. Ronald\npleted a WebTrust assessment report of GPO\xe2\x80\x99s Certification         Koch, the Assistant Inspector General for Investigations,\nAuthority and an assessment on GPO\xe2\x80\x99s transition planning           retired. Several other members of the Investigations team\nfor Internet Protocol Version 6.                                   left to join other OIGs. As a result, OI welcomed three new\n      The Office of Investigations (OI) opened 18 inves-           members in August.\ntigative cases, closed 20, and has 22 ongoing investiga-                 We are excited that Debra Miller has joined the OIG OI\ntions. During this reporting period, one investigation             as the new Assistant Inspector General for Investigations.\nresulted in three criminal indictments, and another case           Debbie has an impressive record in the OIG community.\nwas accepted for possible criminal prosecution. One                She began her OIG career in 1982 as a Special Agent with\ncase against a contractor was referred for administra-             the Environmental Protection Agency\xe2\x80\x99s OIG and then later\ntive action. In addition, due to its investigative efforts,        moved to NASA\xe2\x80\x99s OIG where she worked on sensitive and\na forfeiture of $226,821.74 in workers\xe2\x80\x99 compensation               complex criminal and civil investigations. One significant\nwas assessed against an individual who was also taken              achievement at NASA was her work as the lead agent on the\noff workers\xe2\x80\x99 compensation rolls. A cost savings to the             investigation of the Hubble Space Telescope primary mir-\nGovernment of $42,000 per year will also be realized               ror flaw. That investigation resulted in a civil settlement of\n($420,000 in actuary amount over 10 years).                        $25 million with the mirror manufacturer, at the time the\n      The Office of Administration/Legal Counsel (OALC)            largest recovery by the NASA OIG. Most recently, Debbie\nprovides legal advice and counsel on issues arising dur-           initiated and developed the Social Security Administration\ning audits, inspections, and investigations, including             OIG\xe2\x80\x99s contract fraud investigative program. Debbie grad-\nopinions regarding legal accuracy and sufficiency of OIG           uated from Florida State University with a Bachelor of\nreports. OALC manages administrative and manage-                   Science in Criminology.\nment issues that the OIG faces as well as congressional                  Elisabeth Heller joined the OI as a Special Agent.\nand media relations and information requests. During               Elisabeth comes to us from the Department of Health\n\n\n                                       Semiannual Report to Congress\n                                                               4\n\x0cand Human Services OIG where she worked as a Special on a quarterly basis. The meetings continue to improve\nAgent. Previously, she worked at the Office of Personnel communications and contact between the Legislative\nManagement as a Special Agent working on personnel secu- Branch IGs. During this reporting period, the Legislative\nrity investigations. Elisabeth graduated from George Mason Branch IGs provided comments about legislation to amend\nUniversity with a Bachelor of Science in Criminal Justice.                the Inspector General Act of 1978, as amended, (IG Act) in\n      Latarsha Isom joined the OIG as a Special Agent. an effort to aid committee staff understanding of distinc-\nLatarsha comes to us from the Treasury Department\xe2\x80\x99s tions with Executive Branch IGs.\nBureau of Engraving and Printing, where she worked for                          Legislative Branch IGs also developed a comprehen-\nthe last 10 years, most recently as an investigator in the sive audit plan and completed a summary report of an audit\nOffice of Security. Latarsha                                                                               of all legislative branch agency\ng raduated f rom Cent ra l                                                                                 diversity offices. The sum-\nConnecticut State University                                                                               mary report was produced at\nwith a Bachelor of Arts in             \xe2\x80\x9cIndeed, a conversation about                                       the request of the Chairman\nPsychology.                           diversity is not possible unless all                                 of the Subcommittee on\n      The OA LC also wel-                                                                                  Federal Workforce, Postal\nc ome d a ne w me m b e r.\n                                      diverse populations and cultures                                     Service, and the District\nTimothy Harbeck became                  that enrich our workforce are                                      of Columbia of the House\nthe first law clerk to work              included in the discussion.\xe2\x80\x9d                                      Committee on Oversight and\nfor the GPO OIG helping on                                                                                 Government Reform, and pre-\na variety of research and Testimony on GPO\xe2\x80\x99s Diversity Management Programs by J. Anthony Ogden, sented in a hearing before this\n                                   Inspector General, before the Subcommittee on Federal Workforce, Postal\npolicy matters. Tim grad-                Service, and the District of Columbia on September 16, 2008.      Subcommittee on September\nuated from the University                                                                                  16, 2008. Quarterly meetings\nof Virginia with a Bachelor                                                                                continue to rotate among\nof Science in Mechanical                                                                                   IG offices of the Legislative\nEngineering. Before attending law school, Tim worked Branch. Updates and the progress of those meetings will be\nas a Patent Examiner at the U.S. Patent and Trademark provided in our respective semiannual reports.\nOffice focusing on Business Methods applications. Tim\nis in his second year of law school at the George Mason Review of Legislation\nUniversity Law School.                                                    and Regulations\n\nExecutive Council on Integrity                                          The OIG, in fulfilling its obligations under the IG Act, reviews\nand Efficiency                                                          existing and proposed legislation and regulations relating to\n                                                                        programs and operations of GPO. It then makes recommen-\nThe President\xe2\x80\x99s Council on Integrity and Efficiency (PCIE)              dations in each semiannual report on the impact of such\nand the Executive Council on Integrity and Efficiency                   legislation or regulations on the economy and efficiency of\n(ECIE) were both established by Executive Order to coor-                programs and operations administered or financed by GPO.\ndinate and enhance governmental efforts, to promote                     In an effort to assist the Agency in achieving its goals, we will\nintegrity and efficiency, and to detect and prevent fraud,              continue to play an active role in that area.\nwaste, and abuse in Federal programs. The PCIE com-                           Although there were no legislative proposals relat-\nprises 32 Inspectors General (IGs) that the President                   ing to GPO programs and operations, as the Legislative\nappoints. The ECIE comprises 35 IGs that agency direc-                  Branch member of the ECIE Legislative Committee, the\ntors appoint. The OIG at GPO is a member of the ECIE and                IG provided comments to the committee on bills that\nparticipates regularly in its activities.                               would amend the IG Act. The comments focused on how\n      In ongoing response to the Senate Appropriations                  the proposed amendments would affect the Legislative\nCommittee request that the legislative branch IGs commu-                Branch IGs. In addition, OALC reviewed and provided\nnicate, cooperate, and coordinate with each other on an                 comments on the Agency\xe2\x80\x99s Directive on the Office of\ninformal basis, the legislative branch IGs continued to meet            Workers\xe2\x80\x99 Compensation Programs.\n\n\n                                               Office of Inspector General\n                                                                    5\n\x0c\x0cGPO Management Challenges                                         Our update of management\n                                                                  challenges follows:\n\n\nG\n           PO is well into its transformation, having estab-\n           lished several key initiatives that will help the 1. Strategic Planning. As previously noted, to realize\n           Agency meet its mission in the ever-changing and sustain the GPO Vision, each individual business\ndigital environment. Substantial and challenging risks unit within the Agency must develop and implement its\nthat could affect successful implementation of the pro- own clear and succinct strategic plan that aligns with\ngrams and initiatives will continue. In our April 2007 the GPO blueprint, A Strategic Vision for the 21st Century.\nSemiannual Report to Congress, the OIG provided man- We have urged that business units develop plans that\nagement a list of issues we identified as most likely to ham- cascade goals and objectives from the Agency\xe2\x80\x99s plan\nper the Agency\xe2\x80\x99s efforts if not addressed with elevated lev- to achieve employee buy-in and keep transformation\nels of attention and resources. We update the management efforts on track. In the absence of clearly articulated\nchallenges in this report.                                     plans, senior management cannot easily determine\n      We continue to note the issue of a new headquar- whether the business units are working together toward\nters facility for GPO. As previously reported, manage- a common goal.\nment has maintained for years that the current GPO                  During this reporting period, GPO continued to\nfacility is too large and antiquated and requires an make progress in its efforts to implement the spirit of the\nex t raord i na r y a mou nt                                                                  Government Performance\nof financial resources to                                                                     R e s u l t s A c t (G P R A ) .\noperate a nd ma i nta i n.                                                                    Although not required to\nEst i mates for bu i ld i ng\n                                        GPO\xe2\x80\x99s Top 10                                          follow all the mandates\nupkeep costs during fis-                Management Challenges                                 of GPRA, Congress urged\ncal year (FY)\xc2\xa02008 exceed               \t 1.\t Strategic Planning.                             GPO to embrace its tenets.\n$35\xc2\xa0million. The Agency                 \t 2.\t Management of Human Capital.                    I n t h at v ei n , t he GP O\nproposed to Congress a                  \t 3.\t Improved Financial Management.                  Quality Assurance office\nplan for relocating to new                                                                    helped t he Agency stay\n                                        \t 4.\t Continuity of Operations.\nfacilities specifically sized                                                                 on point in achieving its\n                                        \t 5.\t Internal Controls.\nand equipped for future                                                                       2008 goals and objectives\nrequirements and more\n                                        \t 6.\t Security and Intelligent                        by measuring and report-\neffectively able to meet\n                                        \t\t Documents.                                         ing its success t hrough\nthe needs of its custom-                \t 7.\t Supporting Congressional Printing.              its Balanced Scorecard\ners. A lthough the chal-                \t 8.\t\x07Information Technology and                      (BSC). The Agency\xe2\x80\x99s BSC\nlenges associated w it h                      Systems (IT&S) Management.                      i s t he f r a me w ork t h at\nsuch a move will be sig-                \t 9.\t Customer Service.                               helps translate its strat-\nnificant for the Agency,                \t10.\t Acquisitions.                                   egy into operational objec-\nCongress must still                                                                           tives. To that end, work is\napprove any relocation of                                                                     nearly complete on GPO\xe2\x80\x99s\nGPO operations. Members                                                                       St rateg ic Per for ma nce\nof Congress have expressed interest in the issue and Plan and Achievements, which reports Agency achieve-\nurged that the Agency continue its efforts toward ments in meeting its goals and outcomes. Building on its\napproval. Limited movement in this regard has, how- successful performance measurement program, GPO\never, taken place. The OIG has planned a review of the has set its sights on rolling out an employee initiative\nproposed move to ensure that plans are based on sup- during FY 2009 that will educate employees on its stra-\nported and documented economic assumptions and tegic posture and BSC. We are encouraged that manage-\nthe Government\xe2\x80\x99s future interests are adequately pro- ment has made strategic planning a priority. Continued\ntected. The information reviewed thus far supports sig- progress will help transformation efforts stay on track\nnificant cost savings.                                         during this critical transition time.\n\n\n                                           Office of Inspector General\n                                                              7\n\x0c2. Management of Human Capital. We previously high-                 known as the Oracle E-Business Suite. The new system will\nlighted challenges GPO faces in \xe2\x80\x9cright sizing\xe2\x80\x9d its work-            provide GPO with integrated and flexible tools that will\nforce while at the same time attracting employees with              help successfully support business growth and customer\nthe right skill sets for the new GPO. The Chief Human               technology requirements for products and services. To\nCapital Officer will continue confronting significant               oversee and support such a complex effort, the GPO Oracle\nissues related to transformation of the GPO workforce               Program was created. Although investment in the inte-\nand must also advance creative solutions that will help             grated system presents opportunities for enhanced effi-\nthe Agency meet its ongoing workforce needs\xe2\x80\x94in part by              ciency and cost savings, such an investment brings with it\nbuilding a diverse, qualified applicant pool.                       significant risk in the event the system does not meet user\n      During this reporting period, we completed a con-             requirements. GPO must implement the program on time,\ngressionally requested audit of GPO\xe2\x80\x99s diversity programs,           within budget, and with a satisfactory result.\nparticularly those related to establishing a more diverse                The OIG continued Independent Verification and\npopulation in senior leadership positions. The audit                Validation (IV&V) activities associated with implemen-\nshowed that while GPO has voluntarily adopted several               tation of the Oracle E-Business suite. IV&V provides GPO\ncomponents for establishing a model diversity program,              with an independent assessment of project status, sat-\nimprovements can be made toward enhancing diversity of              isfaction of user needs, and project cost effectiveness.\nthe Agency\xe2\x80\x99s corps of senior-level employees. The results           During FY 2008, IV&V focused on the Oracle Release 2\nof this audit are discussed in more detail in the Audits and        project. The main goal of Release 2 is to implement Project\nInspections section of this report.                                 Costing and Project Billing. Additional capabilities will\n      The results from the GPO Employee Survey released             be added to Purchasing, Inventory, Accounts Payable,\nin 2006 show that while job satisfaction is relatively              Receivables, and other implemented Oracle modules.\nhigh, \xe2\x80\x9ccommunications at GPO\xe2\x80\x9d stand out as not having               The IV&V resulted in several recommendations designed\nimproved since 2004. When compared against results                  to improve management of the project as well as future\nfrom the 2004 Federal Human Capital Survey, GPO actu-               Oracle projects. Management concurred with each recom-\nally rated lower in almost all identical items. Human               mendation and proposed responsive corrective actions.\nCapital has, however, developed a plan addressing those             IV&V efforts for Release 2 will continue into FY 2009.\nand other challenges as well as providing opportunities                  The OIG also continues to oversee activities of KPMG\nfor improving communications at GPO.                                LLP (KPMG), the Independent Public Accountant (IPA)\n      In previous reporting periods and particularly during         conducting the annual financial statement audit. KPMG\nthis last reporting period, management has implemented              is auditing the GPO FY 2008 consolidated financial state-\nseveral programs that have greatly improved commu-                  ments and assessing the status of the FY 2007 findings to\nnications with all GPO employees. For example, during               determine whether they will need to be reported again in\nthis reporting period the Employee Communications                   the FY\xc2\xa02008 audit report. The results of the FY 2008 audit\nOffice (ECO) implemented the link program, which uses               will be reported during the next reporting period.\nNetPresenter software to disseminate GPO-related infor-\nmation to all GPO workstation PCs (via screen savers) as            4. Continuity of Operations (COOP). A previous OIG\nwell as to flat screen monitors located throughout GPO              review of GPO COOP planning revealed that the Agency\nbuildings. ECO will use link to supplement its existing lines       may not be adequately prepared to deal with a signifi-\nof communications with employees, such as email commu-              cant event such as a natural or man-made disaster. Our\nnications (GPO Headlines, Leaders\xe2\x80\x99 Update) and \xe2\x80\x98webbies\xe2\x80\x99            report contains several recommendations including, most\n(content on the Intranet homepage). Thus, we no longer              fundamentally, that GPO adopt planning requirements\nconsider this issue a significant management challenge.             and critical elements identified in Federal Preparedness\n                                                                    Circular 65, \xe2\x80\x9cFederal Executive Branch Continuity of\n3. Improved Financial Management. GPO has been                      Operations.\xe2\x80\x9d Management must address the problem of\nmigrating current business, operational, and financial sys-         continuing essential functions and be able to resume\ntems, including associated work processes, to an \xc2\xadintegrated        normal operations within a time frame acceptable to its\nsystem of Oracle enterprise software and \xc2\xadapplications              \xc2\xadcustomers and business partners.\n\n\n                                        Semiannual Report to Congress\n                                                                8\n\x0c     In response to our recommendations,\nGPO developed a comprehensive draft\nCOOP plan based on the Federal Emergency\nManagement Agency template of key COOP\ncomponents. The draft plan discusses issues\nsuch as essential functions, interoperable\ncommunications, delegations of authority and\ntesting, training, and exercises. The Agency\nalso developed an Occupant Emergency Plan\n(OEP) as a companion to its COOP. The OEP\npresents appropriate responses for emergencies\nand discusses known or anticipated categories\nof emergencies.\n     Steps continued to be taken during this reporting\nperiod to enhance the Agency\xe2\x80\x99s COOP posture, including\nplanning and conducting exercises with scenarios that\ntested alternate production facilities and procedures for\nnotifying essential personnel. The Agency has prepared             control over financial reporting identified in a financial\nand begun testing a COOP project completion matrix                 statement audit. The standard requires that the auditor\nthat will demonstrate what GPO can do to support mis-              communicate control deficiencies that are \xe2\x80\x9csignificant\nsion essential functions in the event of COOP activation.          deficiencies\xe2\x80\x9d and \xe2\x80\x9cmaterial weaknesses.\xe2\x80\x9d\nThe Agency also recruited and hired a business continu-                 KPMG is auditing the Agency\xe2\x80\x99s FY 2008 consolidated\nity manager to work directly with GPO\xe2\x80\x99s various business           financial statements and assessing the status of FY 2007\nunits in support of the COOP program.                              findings that included several deficiencies related to\n                                                                   internal control over financial reporting. Those defi-\n5. Internal Controls. GPO management establishes and               ciencies included (1) inadequate reconciliation controls,\nmaintains a system of internal controls for effective and          (2) misapplication of generally accepted accounting prin-\nefficient operations, reliable financial reporting, and com-       ciples, and (3) information technology (IT) general con-\npliance with applicable laws and regulations. Practically          trols. KPMG did not consider any of those deficiencies to\nall OIG audits include assessments of a program, activity,         be material weaknesses.\nor function\xe2\x80\x99s applicable control structure. Several ongoing\naudits of GPO activities are assessing internal controls.          6. Security and Intelligent Documents (SID). As the Federal\n      The annual financial statement audit that KPMG con-          Government\xe2\x80\x99s leading provider of secure credentials and\nducts also addresses internal controls and provides man-           identity documents, management regards SID as a business\nagement with recommended corrective actions. Although              unit best exemplifying the Agency\xe2\x80\x99s transformation toward\nmanagement recognizes the need for improving the inter-            high-technology production. During FY 2008, SID success-\nnal control environment to successfully implement its stra-        fully manufactured more than 23 million electronic passports\ntegic vision and planned future initiatives, Agency action         for the Department of State and established a new, secure\nis important because of implementation of Statement                smart card credential center to support the Department of\non Auditing Standards (SAS)1 No. 112, \xe2\x80\x9cCommunicating               Homeland Security\xe2\x80\x99s Customs and Border Patrol (DHS/CBP)\nInternal Control Related Matters Identified in an Audit.\xe2\x80\x9d          Trusted Traveler Program (TTP). Also in FY 2008, to provide a\nSAS No. 112 establishes standards and provides guidance            COOP capability for passport production, the Agency success-\non communicating matters related to an entity\xe2\x80\x99s internal           fully established a second secure manufacturing site at a ren-\n                                                                   ovated facility on the Stennis Space Center in Mississippi.\n                                                                         As a provider of secure Federal e-Credentials, SID\n1 \x07Auditing standards promulgated by the Auditing Standards\n Board of the American Institute of Certified Public               worked with DHS/CBP to design, produce, secure print, per-\n Accountants.                                                      sonalize with laser engraving, mail, and fulfill the orders for\n\n\n                                            Office of Inspector General\n                                                               9\n\x0cborder crossing cards. The Trusted Traveler program pro-                employees and contractors. The overall responsibility\nvides expedited CBP processing at Canada and Mexico bor-                for a GPO-wide HSPD-12 Program lies with GPO\xe2\x80\x99s Chief\nder crossings for people who have undergone background                  Management Officer and Security organizations. SID\nchecks. The program maintains three databases of traveler               designs, prints, personalizes, and distributes the card.\ninformation, and each has its own intelligent ID card that              While not legally required to comply with HSPD-12, we con-\ncontains a radio frequency chip for remote reading. The                 tinue to recommend that the Agency strive toward volun-\nprograms are Nexus, for travel between the United States                tary compliance. To that end, several control objectives are\nand Canada; Secure Electronic Network for Travelers Rapid               critical for meeting the security, efficiency, fraud preven-\nInspection (SENTRI), for use on                                                                   tion, and privacy protection goals\nthe U.S./Mexico border; and Free             During FY 2008, SID                                  that HSPD-12 requires and the\nand Secure Trade, for approved           successfully manufactured                                Agency must maintain through-\ncommercial truck drivers travel-                                                                  out the lifecycle of deployment.\ning between the three countries.            more than 23 million                                        Whatever its intentions, the\n      SID made the smart card            electronic passports for the                             Agency should employ the best\nprogram possible by reaching                                                                      practices established by HSPD-12\ntwo critical milestones. First, SID\n                                          Department of State and                                 and begin addressing several of the\nestablished a secure e-Credential         established a new, secure                               control objectives, including sep-\nproduction capability. It selected      smart card credential center                              arating duties for registering and\nan experienced integrator that                                                                    issuing credentials; using original\ncould provide a turnkey solu-            to support the Department                                identity source documents; using\ntion for the personalization func-         of Homeland Security\xe2\x80\x99s                                 appropriate background investi-\ntions of the program, including all                                                               gations; and using smart cards as\nnecessary equipment, systems,\n                                             Customs and Border                                   person-identity-verification cre-\nand technical support services.2         Patrol (DHS/CBP) Trusted                                 dentials. The OIG will continue to\nThe personalization equipment                                                                     monitor Agency efforts regarding\n                                          Traveler Program (TTP).                                 internal deployment of HSPD-12\nand system configured for GPO\nenables the Agency to offer a broad range of e-Credential               and conduct audits as necessary for Agency compliance\ncapabilities. Second, DHS/CBP requisitioned from GPO                    with Federal Information Processing Standards Publication\nhundreds of thousands of secure Trusted Traveler Cards                  201, \xe2\x80\x9cPersonal Identify Verification of Federal Employees\n      Although other concerns received attention, sev-                  and Contractors.\xe2\x80\x9d\neral matters must continue as a priority for management.\nAlthough GPO and the Department of State finalized a                    7. Supporting Congressional Printing. In a previous report-\nMemorandum of Understanding in December 2007, man-                      ing period, we noted that the Joint Committee on Printing\nagement needs to continue to address technology as well                 expressed concerns to management that apparently stem\nas data security related to the electronic passport, inven-             from late deliveries of printed versions of legislative docu-\ntory volume, and storage of blank passport books. During                ments the House of Representatives and Senate require.\nFY 2008, we assessed the operating system security of the               Reported reasons for the late deliveries included changes in\nPassport Printing and Production System (PPPS). We rec-                 staffing, reorganization of the workforce, use of use-or-lose\nommended several steps that would improve security and                  leave during critical times, and various IT matters. During\nintegrity controls. During FY 2008, we also initiated an audit          this reporting period, management has, as in our last report-\nof database security for that system.                                   ing period, consistently produced and delivered congressio-\n      Finally, GPO faces the challenge of deploying its own             nal products on time. We therefore no longer consider this\nHomeland Security Presidential Directive 12 (HSPD-12)                   issue a significant management challenge.\ninfrastructure and issuance of identity credentials to\n                                                                        8. Information Technology and Systems Management.\n2 \x07The equipment and processes are operated exclusively by GPO          As GPO transforms from an ink-on-paper operation\n employees, and the integrator now provides consulting services.        to a highly efficient and secure multimedia digital\n\n\n                                          Semiannual Report to Congress\n                                                                   10\n\x0ce\xc2\xad nvironment, management of the Agency\xe2\x80\x99s IT resources is\n critical to the success of its vision and mission. Acquisition,\n implementation, and sustainment of engineering issues\n associated with Information Technology and Systems\n (IT&S), including security issues, provide GPO with new\n management challenges.\n       Noteworthy challenges for the IT&S function include\n establishing a top level Enterprise Architecture and sup-\n port for a number of significant initiatives, including\n FDsys, the e-Passport system, digital publication authen-\n tication using a Public Key Infrastructure (PKI), informa-             toward using PKI for the benefit of a variety of customers.\n tion system management, implementation of the Oracle                   PKI will serve as an important contributor for future reve-\n E-Business Suite, and implementation of digital human                  nue-generating activities within GPO. To partially meet PKI\n resources systems. To create a plan that will help mitigate            certification provisions, the OIG conducts annual compli-\n risks on aging legacy systems, IT&S initiated an analysis              ance reviews that determine whether assertions related to\n of legacy applications and its impact on business opera-               the adequacy and effectiveness of the controls over GPO\xe2\x80\x99s\n tions. Legacy systems increasingly inhibit Agency ability              PKI Certificate Authority operations are fairly stated based\n to respond to customer needs and must be replaced. In FY               on underlying principles and evaluation criteria. Finally, the\n 2008, IT&S completed a 5-year strategy that should help                OIG will continue to lead IV&V activities associated with the\n guide the Agency through implementation of new sys-                    ongoing implementation of the Oracle E-Business Suite and\n tems and retirement of legacy systems. In FY 2009, FDsys,              implementation of FDsys.\n human resource systems, and certain Oracle E-Business\n modules are scheduled to be operational.                               9. Customer Service. As the Agency moves closer to its\n       Because GPO provides services to Executive Branch                goal of transforming to a 21st Century information pro-\nagencies who must comply with the Federal Information                   cessing and dissemination operation, customer ser-\nSecurity Management Act of 2002 (FISMA), GPO chose to sub-              vices for GPO must reflect and advance that transforma-\n stantially comply with the principles of the Act. Complying            tion. To ensure success in the future, management must\nwith FISMA presents additional challenges for IT&S, includ-             maintain the appropriate focus, staffing, and alignment\ning protecting sensitive Agency systems, information, and               with its Strategic Vision. The culture and focus of cus-\ndata. During FY 2007, the OIG conducted an assessment of                tomer service efforts must reflect a new way of thinking,\ncompliance with FISMA to identify any gaps and deficiencies             and customers should come to GPO because they want\nin the overall information security program, including criti-           to\xe2\x80\x94not because they must. Transformation of the tra-\ncal systems. We conducted a follow-on FISMA assessment                  ditional GPO customer relationship requires a continu-\nin FY 2008. We also conducted the annual assessment of the              ing evolution toward state-of-the-art customer relations\n GPO enterprise network infrastructure to evaluate the level            management.\n of security controls in place that help protect IT resources\n from unauthorized access and compromise.                               10. Acquisition. The OIG continues to be concerned with\n       As the Agency fulfills its mission in the vital arena of         the Agency\xe2\x80\x99s ability to efficiently and effectively acquire the\n electronic information dissemination and E-Government,                 high-technology goods and services necessary for trans-\n GPO established a PKI that will serve the needs of the                 forming the Agency. Acquisitions such as FDsys and the\n Agency, its legislative branch partners, and other Federal             upcoming e-Passport procurement require a professionally\n partners.3 The PKI is cross-certified with the Federal Bridge          trained contracting workforce skilled at carrying out nontra-\nCertificate Authority\xe2\x80\x94a substantial and necessary step                  ditional acquisitions. In addition, in concert with the Public\n                                                                        Printer\xe2\x80\x99s Sustainable Environmental Stewardship initiative,\n                                                                        the Agency must be able to navigate the acquisition rules to\n3 \x07PKI ensures the highest level of protection for electronic\n information that travels over ordinary, nonsecure networks\n                                                                        determine how best to promote this initiative through every\n by encrypting information.                                             product it buys and provides for its customers.\n\n\n                                              Office of Inspector General\n                                                                   11\n\x0c\x0cOffice of Audits and Inspections                                    C. External Peer Review of the Board of\n(OAI)                                                               Governors of the Federal Reserve System\n                                                                    Section 3.55 of the GAGAS requires that each audit organi-\n                                                                    zation performing audits or attestation engagements have\n\n\n\nO\n          AI, as required by the IG Act, conducts indepen-          an external peer review performed by reviewers indepen-\n          dent and objective performance and financial              dent of the audit organization being reviewed at least once\n          audits relating to GPO operations and programs,           every three years.\nand oversees the annual financial statement audit an IPA                  The elements of quality control are described in\nfirm under contract performs. OAI also conducts short-              GAGAS. A quality control system encompasses the orga-\nterm inspections and assessments of GPO activities that             nizational structure as well as the policies adopted and\ngenerally focus on issues limited in scope and time. All            procedures established to provide reasonable assurance\nOIG audits are performed in accordance with generally               of conforming with GAGAS. The design of the system, and\naccepted government auditing standards (GAGAS) that                 compliance with it in all material respects, are the respon-\nthe Comptroller General of the United States issues. When           sibility of the audit organization. The objective of the exter-\nrequested, OAI provides accounting and auditing assis-              nal peer review is to determine whether the internal qual-\ntance for both civil and criminal investigations. OAI refers        ity control system was adequate as designed and complied\nto OI for investigative consideration any irregularities or         with to provide reasonable assurance that applicable audit-\nsuspicious conduct detected during audits, inspections,             ing standards, policies, and procedures were met.\nor assessments.                                                           The OIG conducted an external peer review of the\n                                                                    Board of Governors of the Federal Reserve System\xe2\x80\x99s\nA. Summary of Audit and                                             Inspector General Audit Organization (Board OIG) for the\nInspection Activity                                                 18\xe2\x80\x91month period ending March 31, 2008. We conducted\nDuring this reporting period, OAI issued seven new audit            our review in accordance with the guidelines established\nand assessment reports. Those 7 reports contained a total           by the PCIE and ECIE and rendered an unqualified opin-\nof 16 recommendations for improving GPO operations,                 ion on the Board OIG\xe2\x80\x99s audit quality control system in\nincluding strengthening internal controls throughout                effect for the 18\xe2\x80\x91month period ending March 31, 2008.\nthe Agency. OAI continued its work with management to\nclose open recommendations carried over from previous               D. Future Digital System \xe2\x80\x93 Independent\nreporting periods. As of September 30, 2008, 39 recom-              Verification and Validation\nmendations were open.                                               The FDsys will be a comprehensive information lifecy-\n                                                                    cle management system that will ingest, preserve, pro-\nB. TeamMate Audit Software                                          vide access to, and deliver content of all three branches\nImplementation                                                      of the Federal Government. The system is envisioned\nOAI continued its implementation of TeamMate audit                  as a comprehensive, systematic, and dynamic means of\nsoftware during this reporting period. TeamMate auto-               preserving electronic content free from dependence on\nmates the entire workpaper process, including prepara-              specific hardware and/or software. It will have 6 clusters\ntion, review, report generation, and global issue tracking,         (Content Management, Content Preservation, Content\nand OAI will use the program to increase the efficiency             Access, Content Delivery, Content Submission, and\nand productivity of the entire audit process including              Infrastructure), which comprise 25 or more functional\nrisk assessment, scheduling, preparation, review, report            areas. A multiyear, multirelease integration effort will be\ngeneration, and global issue tracking. TeamMate was                 used to design, procure, develop, integrate, and deploy\noriginally designed for all types of audits, including com-         selected technologies and components of FDsys.\npliance, contract, controls, efficiency and regulatory                   During the last reporting period, GPO reorganized\nreviews, financial, government, IT, investigations, pro-            the FDsys Program with respect to GPO and contractor\ncedural, and security.\xc2\xa0OAI has successfully begun using             participation and responsibilities. The reorganization\nTeamMate for new audit assignments.\xc2\xa0                                reduces contractor tasking and increases GPO efforts.\n\n\n\n                                          Office of Inspector General\n                                                               13\n\x0cGPO is now managing development, integration, and                      has significantly less functionality than R1C and that R1C2\ndeployment of FDsys. A contractor is developing the actual             is costing more and taking longer to deploy, while provid-\nFDsys software and support procurement and installation                ing less functionality and less data.6 Specifically:\nof the system hardware.\n     The OIG is responsible for IV&V work associated with                  \xe2\x96\xa0\xe2\x96\xa0   The estimated cost to complete R1C2 exceeds the\ndeveloping and implementing FDsys. We contracted with                           anticipated cost of R1C by $8\xc2\xa0 million ($24 million\nAmerican Systems4 to conduct the evaluations. American                          for R1C2 versus $16 million for R1C). An additional\nSystems has extensive IV&V experience with the Federal                          $10 million is the estimate to complete all the origi-\nsector, and IV&V work will determine whether system                             nal R1C.\nimplementation is consistent with the FDsys project plan                   \xe2\x96\xa0\xe2\x96\xa0   The planned completion date for R1C2 is a year and\nand cost plan and meets GPO requirements. Additionally,                         a half after the original date for R1C (December 2008\nIV&V will monitor development and program manage-                               for R1C2 versus June 2007 for R1C). An additional\nment practices and processes to anticipate potential                            year is the estimate to complete all of R1C.\nissues. Specific IV&V tasks include:                                       \xe2\x96\xa0\xe2\x96\xa0   The amount of data available for the R1C2 deploy-\n                                                                                ment will be significantly less than was planned for\n    \xe2\x96\xa0\xe2\x96\xa0   Program Management \xe2\x80\x93 IV&V activities regarding the                     R1C (as measured by document collections, 8 to 10\n         cost, schedule, and risk associated with development                   collections for R1C2 versus 55 collections planned for\n         and implementation to evaluate overall program                         R1C). There is no estimate for when the remaining\n         management effectiveness.                                              collections will be made available.\n    \xe2\x96\xa0\xe2\x96\xa0   Technical \xe2\x80\x93 IV&V activities regarding the resources,\n         system requirements, architecture and design docu-\n         ments, and other critical deliverables associated with        E. Oracle Release 2 \xe2\x80\x93 Independent\n         FDsys development and implementation.                         Verification and Validation\n    \xe2\x96\xa0\xe2\x96\xa0   Testing \xe2\x80\x93 IV&V activities regarding the Design Vali-          GPO is implementing the Oracle E-Business Suite in a\n         dation Test Plan and test efforts performed by the            series of phased releases with incremental functional\n         implementation team to verify the adequacy and                capabilities. GPO has completed some early implementa-\n         completeness of testing activities.                           tion start-up projects to become familiar with Oracle tech-\n                                                                       nology and work processes and to develop successful proj-\n                                                                       ect implementation skills. The current project, Release 2, is\n     In Section G, we discuss our report resulting from                implementing the Oracle Projects module, which consists\nthese IV&V efforts, which are ongoing and will continue                of project costing and project billing. Other capabilities\nthroughout the life of the project.                                    will be added to Purchasing, Inventory, Accounts Payable,\n     FDsys is being implemented through a series of                    Receivables, and other implemented Oracle modules.\nreleases, with each release building upon the features                       The OIG will oversee IV&V work associated with imple-\nof the previous. During this reporting period, our IV&V                mentation of the Oracle E-Business Suite. We contracted\nteam performed a gap analysis to determine the differ-                 with Noblis7 to conduct the IV&V evaluations. Noblis has\nences between the original plan for development of FDsys               extensive IV&V experience with the Federal sector. Our\nknown as R1C and the current plan to deploy R1C2 5 in                  IV&V work noted that the Release 2 project has had some dif-\nDecember of 2008. The gap analysis revealed that R1C2                  ficulties associated with requirements gathering and \xe2\x80\x9cto-be\xe2\x80\x9d\n\n\n4                                                                      6\n  \x07 merican Systems, located in Chantilly, Virginia, is a large\n  A                                                                      \x07 ur gap analysis does not separate costs or performance\n                                                                         O\n  IT company with significant experience in the realm of                 associated with the time periods before and after the\n  IV&V for Federal civilian and Defense Agencies, including              reorganization of the FDsys program.\n                                                                       7\n  the Department of State, the Navy, and the U.S. Agency for             \x07Noblis, located in Falls Church, Virginia, is a nonprofit\n  International Development.                                              science, technology, and strategy organization that helps\n5 \x07The original targeted first public release of FDsys R1C has            Federal and private sector clients solve complex systems,\n   now been divided into three releases: R1C2 in late 2008,               process, and infrastructure problems.\n   R1C3 in mid-2009, and R1C4 in late 2009.\n\n\n                                           Semiannual Report to Congress\n                                                                  14\n\x0cprocess definitions. However, steps have been taken to rem-        r\xc2\xad ecommendations addressing each deficiency and GPO\nedy many of the weaknesses. In Section G, we discuss our            management concurred with the recommendations.\nreport resulting from these IV&V efforts, which are ongoing              KPMG is currently auditing GPO\xe2\x80\x99s FY 2008 consoli-\nand will continue throughout the life of the project.               dated financial statements and assessing the status of the\n                                                                    FY 2007 findings to determine whether they will need to\nF. Financial Statement Audit Activity                               be reported again in the FY 2008 audit report, along with\nFederal law requires that GPO obtain an independent                 potentially new findings and recommendations.\nannual audit of its financial statements, which the OIG\noversees. KPMG is conducting the audit under a multi-              G. Audit and Inspection Reports\nyear contract for which the OAI provides oversight as the          1. \x07Assessment Report 08-07 (Issued May 30, 2008)\nContracting Officer\xe2\x80\x99s Technical Representative (COTR).\n                                                                     Protection of E-Passport Production System (PPPS)\nOAI also assists with facilitating the external auditor\xe2\x80\x99s\nwork as well as reviewing the work performed to ensure it            The PPPS includes various computer applications and\ncomplies with GAGAS. In addition, OAI provides adminis-              operating systems that support production of pass-\ntrative support to the KPMG auditors and coordinates the             ports. GPO\xe2\x80\x99s Plant Operations Division administers\naudit with GPO management.\n      KPMG issued an unqualified opinion\non GPO\xe2\x80\x99s FY 2007 consolidated financial      While performing a security audit of databases that\nstatements, stating that its financial state-support the PPPS hosted in Washington D.C., the\nments were presented fairly, in all mate-\nrial respects, in conformity with generally\n                                             OIG identified an issue related to protection of the\naccepted accounting principles. KPMG         e-Passport network and related computers.\nidentified three significant deficien-\ncies for FY 2007: (1) inadequate reconciliation controls,            PPPS computer applications while the GPO Chief\n(2) misapplication of U.S. generally accepted account-               Information Officer (CIO) is responsible for administer-\ning principles, and (3) general IT controls. KPMG made               ing PPPS operating systems. While performing a secu-\n                                                                     rity audit of databases that support the PPPS hosted in\n                                                                     Washington D.C., the OIG identified an issue related to\n                                                                     protection of the e-Passport network and related com-\n                                                                     puters. We issued a separate sensitive report containing\n                                                                     recommendations that would help further strengthen\n                                                                     controls over PPPS. Management took prompt correc-\n                                                                     tive action to implement the recommendation.\n\n                                                                   2. Assessment Report 08-08 (Issued August 8, 2008)\n                                                                     Federal Digital System Independent Verification\n                                                                     and Validation \xe2\x80\x93 Third Quarter Observations and\n                                                                     Recommendations\n\n                                                                     As noted above, the OIG contracted with American\n                                                                     Systems, a company with significant experience in the\n                                                                     realm of IV&V for Federal civilian and Defense agen-\n                                                                     cies, to conduct IV&V for the public release of FDsys.\n                                                                     As part of its contract, the contractor is assessing the\n                                                                     state of program management, technical and testing\n                                                                     plans, and other efforts related to this public release.\n                                                                     The contractor is required to issue to the OIG a quar-\n\n\n                                         Office of Inspector General\n                                                              15\n\x0c  terly Risk Management, Issues, and Traceability Report                c\xc2\xad onducted in May 2006 concluded that controls were\n  providing observations and recommendations on the                      not effective over (1) travel fares charged to the GPO\xe2\x80\x99s\n  program\xe2\x80\x99s technical, schedule and cost risks, as well as               Agency MasterCard account and (2) service fees\n  requirements traceability of those risks and the effec-                charged directly to GPO.\n  tiveness of the program management processes in                              The May 2006 audit identified approximately $32,000\n  controlling risk avoidance. Additionally, at the end of                in travel fares and service fees associated with travel by\n  each FDsys release phase, the contractor is required to                GPO employees during FY 2005 that could not be recon-\n  issue a release phase summary program management                       ciled with official travel records. The audit also found that\n  report that addresses delivery of the technical base-                  before authorizing monthly payments to BoA, the Agency/\n  line according to the FDsys Master Program Schedule                    Organization Program Coordinator did not verify that\n  and the risks that affect the schedule\xe2\x80\x99s critical path to              travel fares and NTS service fees charged to the Agency\n  the next phase.                                                        MasterCard account were for actual travel expenses. The\n        During this reporting period, the Agency imple-                  OIG recommended that the:\n  mented a reorganization of the Government and con-\n  tractor participation and responsibilities as well as                 \xe2\x96\xa0\xe2\x96\xa0   GPO Chief Financial Officer (CFO) eliminate use of\n  implemented a new design for FDsys. According to                           the Agency MasterCard account for airline and rail\n  GPO officials, the primary reason for the reorganiza-                      tickets and direct that NTS charge tickets to either the\n  tion was management\xe2\x80\x99s dissatisfaction with contrac-                        individual GPO traveler\xe2\x80\x99s Government-issued Mas-\n  tor performance. Although the OIG\xe2\x80\x99s first quarterly                        terCard or personal credit card.\n  report identified various weaknesses in program man-                  \xe2\x96\xa0\xe2\x96\xa0   The GPO CFO direct NTS to charge service fees to\n  agement practices the contractor used for the Release                      each individual GPO traveler\xe2\x80\x99s Government-issued\n  1.B pilot system, our IV&V contractor was not tasked                       MasterCard or personal credit card.\n  to investigate or evaluate the reasons behind GPO\xe2\x80\x99s\n  decision to reorganize the program, and accordingly                      Management concurred with the recommendations\n  did not render an opinion on the reorganization. The                and agreed to implement corrective actions. The OIG sub-\n  contractor was, however, responsible for informing the              sequently performed this follow-up audit to determine\n  OIG of the risks the FDsys program faces at the end of              whether recommendations made in the May 2006 audit\n  each quarter.                                                       were effectively implemented. The follow-up audit showed\n        This third quarter report contains findings and               that although management implemented changes in pol-\n  recommendations that further strengthen management                  icy addressing the recommendations, problems similar\n  of the FDsys program and management\xe2\x80\x99s response to                   to those identified in our May 2006 audit continued. For\n  those recommendations. Management concurred with                    example, throughout almost all of FY 2007, the GPO Travel\n  each of the recommendations and either took or pro-                 Manager authorized payments to BoA of approximately\n  posed responsive corrective actions.                                $96,512 for travel fares and service fees for 147 employees\n                                                                      whose expenses were charged to the Agency MasterCard\n3. Audit Report 08-09 (Issued August 8, 2008)                         account\xe2\x80\x94despite the fact that 36 (24 percent) of those\n                                                                      employees had a Government-issued MasterCard. Charging\n  Follow-up Audit of Centrally Charged Travel\n                                                                      fares and fees to the wrong account continued because inef-\n  Expenditures\n                                                                      fective controls hampered the GPO Travel Manager from\n  GPO has an agency account with MasterCard through                   identifying questionable charges for travel fares and service\n  the Bank of America (BoA) for the centralized charg-                fees NTS makes through the Agency MasterCard account\n  ing and billing of various common travel expendi-                   with BoA. Because the controls were ineffective, monthly\n  tures. The agency also has contracted with National                 invoices to BoA for the Agency MasterCard account were\n  Travel Services, Inc. (NTS) to provide assistance to GPO            not reconciled to travel vouchers.\n  travelers in making travel arrangements including                        Reconciliation would have verified whether travel\n  \xc2\xadairline, rail, hotel, and rental car reservations. A previ-        fares and service fees NTS billed through BoA were accu-\n   ous OIG audit of centrally charged travel \xc2\xadexpenditures            rate, were actually incurred for official business, and\n\n\n                                        Semiannual Report to Congress\n                                                                 16\n\x0cc\xc2\xad omplied with Agency policy. Because reconciliations            The audit identified that although not mandated\n did not take place, the GPO Travel Manager was not able to to comply with the guidelines and directives of the\n determine that NTS charged $24,233.61 in travel fares and  Equal Employment Opportunity Commission (EEOC)\n service fees to the Agency MasterCard account for 56 trips concerning model affirmative action programs, prior\n taken by the 36 employees who possessed a Government-      to this audit commencing, senior officials at GPO began\n issued MasterCard. Adding to that condi-\n tion, 14 employees subsequently submitted\n travel vouchers requesting reimbursement             \xe2\x80\x9cEveryone in the workplace should be afforded\n for travel fares and service fees charged to         the opportunity to develop, perform, and\n the Agency account. We identified approxi-\nmately $8,495 that GPO can recover because\n                                                      advance to their maximum potential based solely\nof erroneous payments.                                on their merit and without regard to race, color,\n       A total of three recommendations were\nmade to further strengthen management\n                                                      religion, national origin, gender, age, disability,\nof GPO travel expenditures. Management                or sexual orientation.\xe2\x80\x9d\nconcurred with each recommendation Testimony on GPO\xe2\x80\x99s Diversity Management Programs by J. Anthony Ogden, Inspector General, before the\nand implemented responsive corrective Subcommittee on Federal Workforce, Postal Service, and the District of Columbia on September 16, 2008.\nactions.\n\n4. \x07Audit Report 08-10 (Issued September 11, 2008)                                adopting some elements of both EEOC Management\n                                                                                  Directive-715 (MD-715) and the leading diversity\n    Diversity Management Programs at GPO\n                                                                                  management practices identified by the Government\n    The OIG audited diversity management programs                                 Accountability Office (GAO).\n    at GPO in response to a request from the Chairman                                   In addition, GPO has made progress in develop-\n    of the Subcommittee on Federal Workforce, Postal                              ing its pool of Grade 15s (PG\xe2\x80\x9115s) to ensure a quali-\n    Service, and the District of Columbia, of the House                           fied minority pool for the Agency\xe2\x80\x99s SLS.10 However,\n    of Representatives\xe2\x80\x99 Committee on Oversight and                                improvements can be made toward enhancing diver-\n    Government Reform. The Subcommittee requested                                 sity of the Agency\xe2\x80\x99s corps of SLS employees. The audit\n    that the OIGs of each Legislative Branch Agency assess                        also showed that GPO complaints and discrimi-\n    the programs the diversity offices have in place to                           nation data reported to the EEOC during FY 2007\n    address diversity concerns.8 The objectives of the audit                      and eventually reported to Congress were accurate\n    were to review diversity within GPO, specifically to:                         and complete. Finally, although diversity manage-\n                                                                                  ment programs are incorporated in the Affirmative\n    \xe2\x96\xa0\xe2\x96\xa0   Identify and assess the diversity program at GPO to                      Employment Program Division of the EEO Office,\n         determine if it is yielding the desired results\xe2\x80\x94that of                  the Director of EEO is independent of the General\n         creating a more diverse population of women and                          Counsel, and to a certain extent independent of the\n         minorities in top leadership positions, specifically the                 Public Printer in EEO matters.\n         Senior Level Service (SLS).9                                                   Opportunities exist for GPO to develop a more\n    \xe2\x96\xa0\xe2\x96\xa0   Evaluate the accuracy and completeness of the com-                       diverse population of qualified women and minorities\n         plaints and discrimination data reported to Congress.                    in top leadership positions. We made two recommen-\n    \xe2\x96\xa0\xe2\x96\xa0   Assess the degree to which diversity offices or func-                    dations to management: 1) incorporate the remain-\n         tions are independent of the General Counsel and                         ing essential elements of MD-715 and 2) implement\n         the Public Printer.                                                      the nine leading practices for diversity management\n\n8                                                                          10 \x07\n   \x07 ther legislative branch agencies include the Library of\n   O                                                                          At GPO, a Printing Office Grade (PG) 15 is the senior most\n   Congress, Government Accountability Office, Architect of                   grade and is generally equivalent to the General Schedule\n   the Capitol, and the Capitol Police.                                       Grade 15 classified by the Office of Personnel Management.\n9\n  \x07SLS is the GPO equivalent to the Senior Executive Service (SES).           Positions at GPO above Grade PG-15 are in the SLS.\n\n                                               Office of Inspector General\n                                                                      17\n\x0c  identified by GAO. Such modifications should help               6. \x07Assessment Report 08-12 (Issued September\n  the Agency manage its workforce, create an environ-                 30, 2008)\n  ment that helps diminish barriers for protected groups\n                                                                    Assessment of GPO\xe2\x80\x99s Transition Planning for Internet\n  and help attract and retain capable employees from\n                                                                    Protocol Version 6\n  diverse backgrounds. Management concurred with\n  each of the recommendations and stated that imple-                The OIG assessed Agency planning for the transition\n  mentation would require the Public Printer\xe2\x80\x99s review               from Internet Protocol version 4 (IPv4) to version 6 (IPv6).\n  and approval.                                                     Internet routing protocols are used to exchange infor-\n                                                                    mation across the Internet. Protocols are standards that\n5. \x07Assessment Report 08-11 (Issued September                       define how computer data are formatted and received by\n    18, 2008)                                                       other computers. IPv6 is a developing Internet protocol\n                                                                    which will provide many benefits such as more Internet\n  WebTrust Assessment of GPO\xe2\x80\x99s Certification\n                                                                    addresses, higher qualities of service, and better authen-\n  Authority \xe2\x80\x93 Attestation Report\n                                                                    tication, data integrity, and data confidentiality.\n  GPO implemented a PKI to support its mission related                    OMB recently announced that all Executive\n  to electronic information dissemination and e-Gov-                Branch agencies met a June 30, 2008, deadline for suc-\n  ernment, and to meet GPO customer expectations                    cessfully demonstrating IPv6 capability of network\n  that documents are official                                                               backbones. While GPO was not\n  and authentic. The GPO PKI\n                                    IPv6 is a developing Internet                           required to meet the OMB dead-\n  is certified with the Federal                                                             line, IPv6 capability provides cer-\n  Bridge Certificate Authority,      protocol which will provide                            tain benefits to GPO as industry\n  whose certification provi-            many benefits such as                               provides products and services\n  sions require that the GPO                                                                that are IPv6-enabled.\n  PKI undergo an annual inde-\n                                       more Internet addresses,                                   The OIG assessment identi-\n  pendent compliance review.          higher qualities of service,                          fied that GPO plans to transition\n  To satisf y this compliance\n  requirement, the GPO OIG\n                                     and better authentication,                             to IPv6 as part of a broad acqui-\n                                                                                            sition plan that will update its\n  tasked an IPA firm to conduct        data integrity, and data                             IT infrastructure. Specific target\n  a WebTrust assessment of its             confidentiality.                                 dates for these updates have not\n  Certification Authority (CA).                                                             been finalized. The OIG believes\n  The assessment was con-                                           that the planned transition is an effective long-term\n  ducted in accordance with the American Institute                  approach. In the short term, GPO should consider\n  of Certified Public Accountants (AICPA) \xe2\x80\x9cWebTrust                 implementing the minimum IPv6 requirement, which\n  Principles and Criteria for Certification Authorities.\xe2\x80\x9d           should ensure that resources such as FDsys are capable\n  The assessment represents an evaluation of whether                of ingesting information from IPv6 sources. Two rec-\n  GPO management\xe2\x80\x99s assertions related to the adequacy               ommendations were made to management to enhance\n  and effectiveness of controls over its CA operations              planning for the IPv6 transition. Management con-\n  are fairly stated based on underlying principles and              curred with each of the recommendations and has\n  evaluation criteria.                                              either taken or planned responsive corrective actions.\n        From July 1, 2007, through June 30, 2008, the IPA\n  issued an Attestation Report expressing its unqualified         7. \x07Assessment Report 08-13 (Issued September\n  opinion that the GPO management assertion related                   30, 2008)\n  to its CA operations was in all material respects fairly\n                                                                    Oracle E-Business Suite Release 2 Independent\n  stated based on the AICPA WebTrust for Certification\n                                                                    Verification and Validation \xe2\x80\x93 Program Management\n  Authorities criteria. The report is sensitive.\n                                                                    The OIG contracted with a nonprofit science, \xc2\xadtechnology,\n                                                                    and strategy organization to conduct IV&V of the GPO\n\n\n                                      Semiannual Report to Congress\n                                                             18\n\x0c  Oracle Program\xe2\x80\x99s E-Business Suite Release 2 implemen-            sensitive and are limiting discussion of its findings.\n  tation. The overall objective of IV&V is to \xc2\xaddetermine           Further details regarding assessment findings can be\n  whether system implementation is consistent with                 obtained by contacting the OIG.\n  the Oracle project plan and cost plan, and whether the\n  delivered system meets GPO requirements. The con-                Recommendation\n  tractor is tasked with assessing program management,             The OIG made four recommendations that should\n  technical, and testing activities associated with the            strengthen internal controls associated with the GPO\n  Release 2 implementation and required by the contract            enterprise network. Those recommendations should\n  to issue a monthly program risk assessment as well as            reduce the risk of compromise to GPO data and systems.\n  summary reports for program management, technical,               Based on corrective action management took, we closed\n  and testing IV&V.                                                one recommendation when the final report was issued.\n        This first report is the summary report on Oracle          Management Comments\n  Release 2 program management. Program manage-                    Management concurred with each of the report\xe2\x80\x99s rec-\n  ment IV&V focuses on activities that define and shape            ommendations and initiated corrective action.\n  the program and projects that support them. As part\n  of program management IV&V, the IV&V contractor                  OIG Comments\n  analyzed program and project schedules, develop-                 Two recommendations made in this report remain\n  ment processes (for example, change management,                  open. The OIG is working with management and moni-\n  issue tracking, and risk management approaches)                  toring implementation of the remaining recommen-\n  and conducted risk analyses. The report contained                dations.\n  four recommendations designed to strengthen cur-\n  rent and future Oracle program management efforts.             2. \x07Assessment Report 06-03 (Issued March 31,\n  Management concurred with each of the four recom-                  2006)\n  mendations and has either taken or proposed respon-\n                                                                   GPO Oracle Program Stakeholder Analysis\n  sive corrective actions.\n                                                                   Finding\nH. Status of Open Recommendations                                  The assessment identified several vulnerabilities\nManagement officials made significant progress in imple-           associated with the GPO Oracle Program and made\nmenting and closing many of the recommendations iden-              recommendations that would help mitigate risks\ntified during previous semiannual reporting periods. For           associated with those vulnerabilities. The vulner-\nthe 39 recommendations still open, a summary of the                abilities identified during the assessment included\nfinding and recommendations, along with the status of              (1)\xc2\xa0top management support not aligned with program\nactions for implementing the recommendation and OIG                execution; (2)\xc2\xa0inadequate functional and technical\ncomments, follow.                                                  staffing; (3)\xc2\xa0lack of a methodology for organizational\n                                                                   restructuring; (4)\xc2\xa0lack of targeted performance met-\n1. \x07Assessment Report 06-02 (Issued March 28,                      rics; and (5)\xc2\xa0lack of an effective method for managing\n    2006)                                                          program progress.\n\n  GPO Network Vulnerability Assessment\n                                                                   Recommendation\n  Finding                                                          To help ensure the Oracle Program meets expectations\n  Although GPO has many enterprise network controls in             of its stakeholders, the OIG made 13 recommendations\n  place, improvements that will strengthen the network             in the areas of staffing, management alignment and\n  security posture are needed. During internal testing,            organizational restructuring, use of performance met-\n  we noted several vulnerabilities requiring strength-             rics, and management of program progress.\n  ening of controls. However, no critical vulnerabili-\n  ties were identified during external testing. Although           Management Comments\n  unclassified, we consider the results of the assessment          Management concurred with each of the report\xe2\x80\x99s\n\n\n                                        Office of Inspector General\n                                                            19\n\x0c  r\xc2\xad ecommendations and agreed to take corrective actions              information and information systems that support the\n   throughout implementation of the project.                           operations and assets of the agency, including those\n                                                                       provided or managed by another agency, contractor,\n  OIG Comments                                                         or other source.11 Although a legislative branch agency,\n   As of the end of this reporting period, six recommen-               the Agency has recognized the need to be FISMA com-\n  dations remain open. Management is continuing to                     pliant because of the services it provides, including ser-\n  work on implementing corrective actions. We antici-                  vices to Executive Branch agencies. The OIG issued a\n  pate that these recommendations will be closed upon                  sensitive report concluding that although the Agency\n  implementation of Oracle Release 2.                                  has taken steps to comply with FISMA, additional prog-\n                                                                       ress is needed to fully comply.\n3. \x07Assessment Report 07-01 (Issued November\n    20, 2006)                                                          Recommendation\n                                                                       The report contains 11 recommendations which, if imple-\n  Report on Early Oracle Implementation:\n                                                                       mented, will help move GPO toward FISMA compliance.\n  Independent Verification and Validation\n\n  Finding                                                              Management Comments\n  The OIG initiated IV&V activities beginning with two                 Management concurred with each of the recommen-\n  of the early implementation projects for Oracle. The                 dations and proposed corrective actions.\n  objective of IV&V is to provide GPO with an indepen-\n  dent assessment of project status, satisfaction of user              OIG Comments\n  needs, and project cost effectiveness. The OIG issued                Management is working on implementing corrective\n  a sensitive report summarizing vulnerabilities identi-               actions for the open recommendations. As part of the\n  fied during the IV&V activities.                                     2008 FISMA review, we reviewed management\xe2\x80\x99s prog-\n                                                                       ress in implementing the recommendations. We closed\n  Recommendation                                                       4 of the 11 recommendations.\n  The report includes 21 recommendations to manage-\n  ment for strengthening controls and mitigating risks           5. \x07Assessment Report 07-10 (Issued September\n  associated with the vulnerabilities.                               28, 2007)\n                                                                       Report on Perimeter Security Assessment of a GPO\n  Management Comments\n                                                                       Building\n  Management concurred with each of the recommen-\n  dations and proposed corrective actions.                             Finding\n                                                                       The Federal Protective Service (FPS), an organization\n  OIG Comments                                                         within the DHS, provides law enforcement and secu-\n  Nine recommendations made in this report remain                      rity services to the General Services Administration\n  open. Management continues to work on implement-                     for \xc2\xadf ederally owned and leased facilities. At the\n  ing corrective actions.                                              request of the OIG, FPS conducted a physical secu-\n                                                                       rity \xc2\xada ssessment of a GPO building. The FPS meth-\n4. \x07Assessment Report 07-09 (Issued September                          odology for assessing security in the GPO building\n    27, 2007)                                                          included (1) identifying existing countermeasures at\n                                                                       the facility, (2) identifying credible threats to the facil-\n  Report on GPO\xe2\x80\x99s Compliance with the Federal\n                                                                       ity, and (3) rating each threat as to potential impact of\n  Information Security Management Act (FISMA)\n                                                                       loss and vulnerability. The sensitive report contains\n  Finding                                                              recommendations intended to enhance security of\n  FISMA requires that each Executive Branch Agency                     the building.\n  develop, document, and implement an agency-wide\n  program for providing information security for the             11\n                                                                      \x07Section 3541, title 44, United States Code.\n\n\n                                     Semiannual Report to Congress\n                                                            20\n\x0c  Recommendation\n  The report contains 12 recommendations which, if imple-\n  mented, will help enhance security of the building.\n\n  Management Comments\n  Management concurred with each of\n  the recommendations and proposed\n  corrective actions.\n\n  OIG Comments\n  During this reporting period, manage-\n  ment closed one of the remaining three\n  open recommendations. Two recommen-\n  dations remain open. With proposed cor-\n  rective actions in place, we anticipate closing\n  the remaining two recommendations during the\n  next reporting period.\n\n6. \x07Assessment Report 08-01 (Issued November\n    1, 2007)\n  GPO Network Vulnerability Assessment\n\n  Finding\n  The OIG completed a vulnerability assessment of the\n  GPO enterprise network infrastructure and evaluated\n  the level of security controls in place that help protect\n  the Agency\xe2\x80\x99s IT resources from unauthorized access                  the risk of system compromise and loss of availability.\n  and compromise. We limited our assessment to the area\n  between GPO\xe2\x80\x99s Internet service provider and the outer-\n  most firewall interface where the Agency\xe2\x80\x99s publicly avail-          Management Comments\n  able network resources, such as GPO Access, are hosted.             Management concurred with each of the recommen-\n  That area is commonly referred to as the demilitarized              dations and proposed corrective actions.\n  zone, or DMZ. We determined whether GPO (1)\xc2\xa0main-\n  tained a robust and effective vulnerability scanning and            OIG Comments\n  management program that identified and circumvented                 Two recommendations remain open. With proposed\n  common internal and external threats to its network,                corrective actions in place, we anticipate closing the\n  (2)\xc2\xa0used passwords in the DMZ strong enough to prevent              remaining two recommendations during the next\n  brute force attacks, and (3)\xc2\xa0patched systems in the DMZ             reporting period.\n  in a timely and effective manner. The audit revealed that\n  there was room for improvement and recommended                    7. \x07Assessment Report 08-04 (Issued March 28,\n  ways that would not only help strengthen security of the              2008)\n  publicly available network resources but also reduce the\n                                                                      Federal Digital System Independent Verification\n  risk of system compromise and loss of availability.\n                                                                      and Validation \xe2\x80\x93 First Quarter Observations and\n                                                                      Recommendations\n  Recommendation\n  The report contained seven recommendations to not                   Finding\n  only help strengthen network security but also reduce               The FDsys program is a multimillion dollar effort that\n\n\n                                          Office of Inspector General\n                                                               21\n\x0cGPO is funding for modernizing information collection,           8. \x07Assessment Report 08-06 (Issued March 31,\nprocessing, and dissemination capabilities it performs               2008)\nfor the three branches of the Federal Government.\n                                                                   Operating System Security for GPO\xe2\x80\x99s Passport\nThe OIG is conducting IV&V of FDsys implementa-\n                                                                   Printing and Production System\ntion through a contract with an IT company. Between\nJuly and September 2007, the contractor completed                  Finding\nits initial assessment of the FDsys prime contractor\xe2\x80\x99s             The PPPS includes various computer applications and\nprogram management practices used for the Release                  operating systems that support production of pass-\n1.B pilot system. The initial IV&V assessment showed               ports. The Agency\xe2\x80\x99s Plant Operations Division admin-\nthat the prime contractor established a strong basis for           isters PPPS computer applications while its CIO is\ngood program management practices for Release 1.B.                 responsible for administering PPPS operating systems.\nWe did, however, identify some weaknesses that could               If those operating systems are not configured securely,\nlead to schedule risk and cost overrun for Release\xc2\xa01.C if          critical computer applications such as databases and\nnot addressed in a timely manner. Those weaknesses                 custom applications are vulnerable to compromise.\nincluded the following areas.                                      The risk associated with compromise to the operat-\n                                                                   ing systems hosting such critical applications could\n\xe2\x96\xa0\xe2\x96\xa0   insufficient use of earned value analysis                     result in services being disrupted, sensitive informa-\n\xe2\x96\xa0\xe2\x96\xa0   lack of an Integrated Baseline Review                         tion being divulged, or even subject to forgery. The OIG\n\xe2\x96\xa0\xe2\x96\xa0   incomplete adherence to risk management program               assessed the security configuration for selected oper-\n                                                                   ating systems that support production of passports to\n\xe2\x96\xa0\xe2\x96\xa0   risks associated with testing\n                                                                   determine whether GPO enforces an appropriate level\n\xe2\x96\xa0\xe2\x96\xa0   lack of system capabilities documentation\n                                                                   of security.\n\xe2\x96\xa0\xe2\x96\xa0   insufficient Configuration Management Plan\n                                                                   Recommendation\nRecommendation                                                     The OIG issued a sensitive report containing eight rec-\nThe report contained 14 recommendations designed to                ommendations designed to not only help strengthen\nstrengthen management of the FDsys program.                        the security of the PPPS but also reduce the risk of sys-\n                                                                   tem compromise.\nManagement Comments\nManagement concurred with each of the recommenda-                  Management Comments\ntions and proposed responsive corrective actions.                  Management generally concurred with each of the\n                                                                   recommendations and proposed responsive correc-\nOIG Comments                                                       tive actions.\nDuring this reporting period, we worked with manage-\nment to close 8 of the remaining 11 open recommenda-               OIG Comments\ntions. We anticipate closing the remaining three rec-              During this reporting period, all of the eight recom-\nommendations during the next reporting period.                     mendations remained open.\n\n\n\n\n                                       Semiannual Report to Congress\n                                                            22\n\x0c\x0c\x0cOffice of Investigations (OI)\n\n\n\n\nT\n        he Office of Investigations (OI) conducts and coordi-\n        nates investigations relating to alleged or suspected\n        misconduct and monetary or material losses occur-\nring in GPO programs and operations. The subjects of OI\ninvestigations can be contractors, program participants,\nmanagement, or other Agency employees. Special Agents\nin OI are Federal Criminal Investigators. Investigators are\nalso designated as Special Police Officers.\n     Investigations that uncover violations of Federal law\nor GPO rules or regulations may result in administrative\nsanctions, civil or criminal prosecution. Prosecutions\nmay result in court-imposed prison terms, probation,\nfines, and restitution. OI can also issue Management\nImplication Reports, which identify issues uncovered\nduring an investigation it believes warrant management\xe2\x80\x99s\nprompt attention.\n\nA. Summary of Investigative Activity\nDuring this reporting period and in response to 50 con-              include false claims, false statements, wire and mail fraud,\ntacts, complaints, or allegations, OI opened 18 investiga-           product substitution, and Small Disadvantaged Business\ntive cases and closed 20. OI has 22 ongoing investigations.          Program violations. OI has seven open cases involving\nDuring this reporting period, one investigation resulted in          alleged procurement fraud.\nthree criminal indictments, one other case was accepted\nfor possible criminal prosecution, and one case against a            Employee Misconduct\ncontractor was forwarded to the agency for administra-               OI investigates allegations involving GPO employee\ntive action. In addition, two other workers\xe2\x80\x99 compensa-               misconduct. Allegations generally include misuse of\ntion investigations resulted in $245,289 in recoveries and           Government computers, theft, assaults, drug violations,\n$420,000 in cost savings over 10 years.                              gambling, and travel voucher fraud. OI has seven open\n                                                                     investigations involving alleged misconduct.\nB. Types of Cases\nOI investigative workload includes the following major cat-          Miscellaneous\negories:                                                             OI investigates miscellaneous administrative allegations\n                                                                     and other types of investigations that do not fall into one\nWorkers\xe2\x80\x99 Compensation Fraud                                          of the categories above. Examples of such investigations\nOI investigates GPO employees who allegedly submit                   include theft of Government property, illegal hacking, or\nfalse claims or make false statements to receive workers\xe2\x80\x99            requests for investigations by other legislative agencies. OI\ncompensation benefits. OI is working on three investiga-             has five open cases involving miscellaneous matters.\ntions involving possible fraudulent claims for workers\xe2\x80\x99\ncompensation.                                                        C. Status of Action on Referrals\n                                                                     OI investigative efforts result in both external and internal\nProcurement Fraud                                                    referrals for action.\nOI investigates allegations involving GPO contract service\nproviders defrauding the Government in connection with               External\nprocurement of goods and services. Violations generally              OI referred eight investigative matters to the Department\n\n\n                                           Office of Inspector General\n                                                                25\n\x0cof Justice for prosecution. Three GPO employees were              period, an appeal to that decision was decided in the\nindicted for the physical abuse of another employee.              Government\xe2\x80\x99s favor.\nProsecutorial action is pending in one civil and one other\ncriminal matter.                                                  Employee Misconduct\n                                                                  An OI investigation involving allegations of the use of\nInternal                                                          Government computers to view and download pornogra-\nTwo investigative matters were referred to management             phy was referred to management for action. During this\nfor action and are pending.                                       reporting period, the employee was terminated from GPO\n                                                                  employment for violations of Agency regulations on the\nD. Investigative Accomplishments                                  use of Government computers and the Internet.\nWorkers\xe2\x80\x99 Compensation Fraud\n                                                                  Procurement Fraud\nAn OI investigation resulted in a Department of Labor             OI investigated a GPO contractor for submitting false\ndetermination that an Office of Workers\xe2\x80\x99 Compensation             claims. The matter has been referred to the Office of\nPrograms (OWCP) claimant\xe2\x80\x94a GPO employee\xe2\x80\x94made                      General Counsel for possible suspension/debarment.\nfalse statements from 2003 to 2007, claiming no earn-                  Another OI investigation, worked jointly with sev-\nings. The OI investigation revealed the employee owned            eral other law enforcement entities, has revealed fraud-\nrental property and that since 1998 had been acting as            ulent purchase card transactions. This matter has been\nproperty manager, locating renters, collecting rents, and         accepted for prosecution consideration and the investi-\ncompleting small repairs. A forfeiture of $226,821.74 was         gation is ongoing.\nassessed, and the individual taken off OWCP rolls. A cost              Several other significant allegations concerning pos-\nsavings to the Government of $42,000 per year will also           sible procurement fraud were also received by OI. Those\nbe realized ($420,000 in actuary amount over 10 years).           investigations are ongoing and will soon be referred to the\n     In addition, another OI investigation resulted in a          Department of Justice for prosecution consideration.\nDepartment of Labor determination that another GPO\nemployee was overpaid $17,823 in workers\xe2\x80\x99 compensa-               Miscellaneous\ntion benefits.                                                          OI assisted the Library of Congress OI in a criminal\n     OI\xe2\x80\x99s continued proactive, investigative approach and         investigation. In addition, at the request of another legisla-\nits working relationship with the GPO Health Unit and             tive agency, OI continues to investigate a criminal matter\nthe Office of Workers\xe2\x80\x99 Compensation has also resulted in          accepted by the Department of Justice\xe2\x80\x99s Office of Public\nkeeping Agency Sick Injured Administrative costs under            Integrity for prosecution consideration.\n$20,000 per month.\n     A previous reporting period investigation of a               E. Work-In-Progress\nGPO Central Office employee of alleged workers\xe2\x80\x99 com-              Other significant OI matters are pending as of the end\npensation fraud resulted in forfeiture of $34,623.00 of           of this reporting period. Disposition and results of those\nthe employee\xe2\x80\x99s compensation. During this reporting                investigations will be provided in future reports.\n\n\n\n\n                                      Semiannual Report to Congress\n                                                             26\n\x0c\x0cAPPENDIX A: GLOSSARY AND ACRONYMS\n\nGlossary and Acronyms                                            Management Decision - An agreement between the IG and\n                                                                 management on the actions taken or to be taken to resolve a\nGlossary                                                         recommendation. The agreement may include an agreed-\n                                                                 upon dollar amount affecting the recommendation and an\nAllowable Cost - A cost necessary and reasonable for             estimated completion date unless all corrective action(s) is\nthe proper and efficient administration of a program             completed by the time agreement is reached.\nor activity.\n                                                                 Material Weakness - A significant deficiency, or combi-\nChange in Management Decision - An approved change               nation of significant deficiencies, that results in more than\nin the originally agreed-upon corrective action necessary        a remote likelihood that a material misstatement of the\nto resolve an IG recommendation.                                 financial statements will not be prevented or detected.\n\nDisallowed Cost - A questionable cost arising from an IG         Questioned Cost - A cost the IG questions because of an\naudit or inspection that management decides should not           alleged violation of a law, regulation, contract, cooperative\nbe charged to the Government.                                    agreement, or other document governing the expenditure\n                                                                 of funds; such cost is not supported by adequate docu-\nDisposition - An action that occurs from management\xe2\x80\x99s            mentation; or the expenditure of funds for the intended\nfull implementation of the agreed-upon corrective action         purposes was determined by the IG to be unnecessary or\nand identification of monetary benefits achieved (subject        unreasonable.\nto IG review and approval).\n                                                                 Recommendation - Actions needed to correct or elimi-\nFinal Management Decision - A decision rendered                  nate recurrence of the cause(s) of the finding(s) identified\nby the GPO Resolution Official when the IG and the               by the IG to take advantage of an opportunity.\nresponsible GPO manager are unable to agree on resolv-\ning a recommendation.                                            Resolution - An agreement reached between the IG and\n                                                                 management on the corrective action(s) or upon render-\nFinding - Statement of problem identified during an              ing a final management decision by the GPO Resolution\naudit or inspection typically having a condition, cause,         Official.\nand effect.\n                                                                 Resolution Official - The GPO Resolution Official is the\nFollow-up - The process that ensures prompt and respon-          Deputy Public Printer.\nsive action once resolution is reached on an IG recom-\nmendation.                                                       Resolved Audit/Inspection - A report containing recom-\n                                                                 mendations that have all been resolved without exception,\nFunds Put To Better Use - An IG recommendation that              but have not yet been implemented.\nfunds could be used more efficiently if management took\nactions to implement and complete the audit or inspec-           Unsupported Costs - Questioned costs not supported by\ntion recommendation.                                             adequate documentation.\n\n\n\n\n                                     Semiannual Report to Congress\n                                                            28\n\x0cAbbreviations and Acronyms\n\nAICPA\t      American Institute of Certified Public        GPO\t       U.S. Government Printing Office\n            Accountants                                   GPRA\t      Government Performance and Results Act\nBoA\t        Bank of America                               HSPD-12\t   Homeland Security Presidential\nCA\t         Certification Authority                                  Directive-12\nCCIG\t       Council of Counsels to the Inspector          IG \t       Inspector General\n            General                                       IG Act\t    Inspector General Act of 1978\nCFO\t        Chief Financial Officer                       IPA\t       Independent Public Accountant\nCIO\t        Chief Information Officer                     IPv4\t      Internet Protocol version 4\nCOOP\t       Continuity of Operations                      IPv6\t      Internet Protocol version 6\nCOTR\t       Contracting Officer\xe2\x80\x99s Technical               IT\t        Information Technology\n            Representative\n                                                          IT&S\t      Information Technology and Systems\nDHS/CPB\t    Department of Homeland Security\xe2\x80\x99s\n            Customs and Border Patrol                     IV&V\t      Independent Verification and Validation\n\nDMZ\t        Demilitarized Zone                            MIR\t       Management Implication Report\n\nECIE\t       Executive Council on Integrity                NTS\t       National Travel Services, Inc.\n            and Efficiency                                OALC\t      Office of Administrative/Legal Counsel\nFBCA\t       Federal Bridge Certification Authority        OAI\t       Office of Audits and Inspections\nFDLP\t       Federal Depository Library Program            OEP\t       Occupant Emergency Plan\nFDsys\t      Future Digital System                         OI\t        Office of Investigations\nEEOC\t       Equal Employment Opportunity                  OIG\t       Office of Inspector General\n            Commission\n                                                          OWCP\t      Office of Workers\xe2\x80\x99 Compensation\nMD-715\t     EEOC Management Directive 715                            Programs\nFIPS-201\t   Federal Information Processing                PCIE\t      President\xe2\x80\x99s Council on Integrity and\n            Standard Publication 201                                 Efficiency\nFISMA\t      Federal Information Security                  PKI\t       Public Key Infrastructure\n            Management Act\n                                                          PPPS\t      Passport Printing and Production\nFPS\t        Federal Protective Service                               System\nFY\t         Fiscal Year                                   SAS\t       Statement on Auditing Standards\nGAGAS\t      Generally Accepted Government                 SID\t       Security and Intelligent Documents\n            Auditing Standards\n                                                          SLS\t       Senior Level Service\n                                                          TTP\t       Trusted Traveler Program\n\n\n\n\n                                      Office of Inspector General\n                                                     29\n\x0cAPPENDIX B: INSPECTOR GENERAL ACT REPORTING REQUIREMENTS\n\nInspector General                Requirement Definition                   Cross-Reference\nAct Citation                                                              Page Number(s)\n Section 4(a)(2)                  Review of Legislation                   5\n                                  and Regulations\n\n Section 5(a)(1)                  Significant Problems, Abuses,           7\xe2\x80\x9311\n                                  and Deficiencies                        13\xe2\x80\x9322\n\n Section 5(a)(2)                  Recommendations for                     13\xe2\x80\x9322\n                                  Corrective Actions                      25\xe2\x80\x9326\n\n Section 5(a)(3)                  Prior Audit Recommendations Not         19\xe2\x80\x9322\n                                  Yet Implemented\n\n Section 5(a)(4)                  Matters Referred to                     25\xe2\x80\x9326\n                                  Prosecutorial Authorities\n\n Section 5(a)(5)                  Summary of Refusals to                  n/a\n                                  Provide Information\n\n Sections 5(a)(6) and 5(a)(7)     OIG Audit and Inspection Reports        13\xe2\x80\x9319\n                                  Issued (includes total dollar values\n                                  of Questioned Costs, Unsupported\n                                  Costs, and Recommendations that\n                                  Funds Be Put To Better Use)\n\n Section 5(a)(8)                  Statistical table showing the total     31\n                                  number of audit reports and the total\n                                  dollar value of questioned costs\n\n Section 5(a)(9)                  Statistical table showing the total     32\n                                  number of audit reports and the\n                                  dollar value of recommendations\n                                  that funds be put to better use\n\n Section 5(a)(10)                 Summary of prior Audit and              n/a\n                                  Inspection Reports issued for\n                                  which no management decision\n                                  has been made\n\n Section 5(a)(11)                 Description and explanation             n/a\n                                  of significant revised\n                                  management decision\n\n Section 5(a)(12)                 Significant management                  n/a\n                                  decision with which the IG\n                                  is in disagreement\n\n\n\n                                Semiannual Report to Congress\n                                                    30\n\x0cAPPENDIX C: STATISTICAL REPORTS\n\nTable C-1: Audit Reports With Questioned and Unsupported Costs\n\n                                                                                         \t\n                                                           Questioned     Unsupported\n Description                                                                             Total\n                                                           Costs          Costs\n\n\n\n Reports for which no management decision made by\n beginning of reporting period\n                                                           \t        $0    \t        $0    \t        $0\n\n\n\n\n Reports issued during reporting period                    \t        $0    \t        $0    \t        $0\n\n\n\n\n Subtotals                                                 \t        $0    \t        $0    \t        $0\n\n\n\n\n Reports for which a management\n decision made during reporting period\n\n 1. Dollar value of disallowed costs                       \t   $347,247   \t   $240,687   \t   $587,394\n 2. Dollar value of allowed costs                          \t         $0   \t         $0   \t         $0\n\n\n\n\n Reports for which no management decision\n made by end of reporting period                           \t        $0    \t        $0    \t        $0\n\n\n\n\n Reports for which no management decision\n made within 6 months of issuance                          \t        $0    \t        $0    \t        $0\n\n\n\n\n                                          Office of Inspector General\n                                                      31\n\x0cTable C-2: Audit Reports With Recommendations That Funds Be Put to Better Use\n\n\n                                                                              Funds Put To\n Description                                              Number of Reports\n                                                                              Better Use\n\n\n Reports for which no management decision made by\n                                                          \t       0           \t       $0\n beginning of reporting period\n\n\n\n\n Reports issued during the reporting period               \t       1           \t    $8,495\n\n\n\n\n Reports for which a management decision made\n during reporting period                                  \t\n\n \xe2\x96\xa0\xe2\x80\x82  \x07 ollar value of recommendations agreed to by\n     D                                                    \t       0\t          \t    $8,495\n     management\n \xe2\x96\xa0\xe2\x80\x82 \x07Dollar value of recommendations not agreed to        \t       0           \t       $0\n     by management\n\n\n\n\n Reports for which no management decision made\n                                                          \t       0           \t       $0\n by the end of the reporting period\n\n\n\n\n Report for which no management decision made\n                                                          \t       0           \t       $0\n within 6 months of issuance\n\n\n\n\n                                       Semiannual Report to Congress\n                                                     32\n\x0cTable C-3: List of Audit and Inspection Reports Issued During Reporting Period\n\n\n Audit Reports                                                                           Funds Put To Better Use\n\n\n\n Report on Protection of E-Passport Production System\n (Assessment Report 08-07, issued May 30, 2008)                                          \t      $0\n\n\n\n\n Report on Federal Digital System (FDsys) Independent Verification and Validation\n (IV&V) \xe2\x80\x93 Third Quarter Observations and Recommendations\n                                                                                         \t      $0\n (Assessment Report 08-08, issued August 8, 2008)\n\n\n\n\n Report on Follow-up Audit of Centrally Charged Travel Expenditures\n (Audit Report 08-09, issued August 8, 2008)                                             \t      $8,495\n\n\n\n\n Report on Diversity Management Programs at the Government Printing Office\n (Audit Report 08-10, issued September 11, 2008)                                         \t      $0\n\n\n\n\n Report on WebTrust Assessment of GPO\xe2\x80\x99s Certification Authority \xe2\x80\x93 Attestation Report\n (Assessment Report 08-11, issued September 18, 2008)                                    \t      $0\n\n\n\n\n Report on Assessment of GPO\xe2\x80\x99s Transition Planning for Internet Protocol Version 6\n                                                                                         \t      $0\n (Assessment Report 08-12, issued September 30, 2008)\n\n\n\n\n Report on Oracle E-Business Suite Release 2 Independent Verification and Validation \xe2\x80\x93\n Program Management                                                                      \t      $0\n (Assessment Report 08-13, issued September 30, 2008)\n\n\n\n\n Total                                                                                   \t      $8,495\n\n\n\n\n                                            Office of Inspector General\n                                                               33\n\x0cTable C-4: Investigations Case Summary\n\n\n\n Total New Hotline/Other Complaints Received during Reporting Period      \t   50\n\n\n\n\n No Formal Investigative Action Required                                  \t   37\n\n\n\n\n Cases Opened by OI during Reporting Period                               \t   18\n\n\n\n\n Cases Open at Beginning of Reporting Period                              \t   24\n\n\n\n\n Cases Closed during Reporting Period                                     \t   20\n\n\n\n\n Cases Open at End of Reporting Period\t                                   \t   22\n\n\n\n\n \xe2\x96\xa0\xe2\x80\x82   Cases Referred to GPO Management                                    \t    2\n\n\n\n\n \xe2\x96\xa0\xe2\x80\x82   Cases Referred to Other Agencies                                    \t    0\n\n\n\n\n \xe2\x96\xa0\xe2\x80\x82   Cases Referred to OAI                                               \t    0\n\n\n\n\n                                          Semiannual Report to Congress\n                                                       34\n\x0cCurrent Case Openings by Allegation                                          22\n\n\n\n\xe2\x96\xa0\xe2\x80\x82\x07Contract and Procurement Fraud                                            \t7          \t 32%\n\n\n\n\xe2\x96\xa0\xe2\x80\x82   Employee Misconduct                                                     \t7          \t 32%\n\n\n\n\xe2\x96\xa0\xe2\x80\x82   Workers\xe2\x80\x99 Compensation Fraud                                             \t3          \t 13%\n\n\n\n\xe2\x96\xa0\xe2\x80\x82   Miscellaneous                                                           \t5          \t 23%\n\n\n\n\n                                                                    \xe2\x96\xa0 Contract and Procurement Fraud\n\n                                                                    \xe2\x96\xa0 Employee Misconduct\n\n                                                                    \xe2\x96\xa0 Workers\xe2\x80\x99 Compensation Fraud\n\n                                                                    \xe2\x96\xa0 Miscellaneous\n\n\n\n\n                                      Office of Inspector General\n                                                  35\n\x0cTable C-5: Investigations Productivity Summary\n\n\n\t       Arrests\t                                                                0\n\n\t       Total Cases Presented to Prosecuting Authorities\t                       9\n\n\t       Criminal \t                                                              8\n\n\t       Criminal Declinations\t                                                  4\n\n\t       Indictments\t                                                            3\n\n\t       Convictions\t                                                            0\n\n\t       Guilty Pleas\t                                                           0\n\n\t       Probation (days)\t                                                       0\n\n\t       Jail Time (days)\t                                                       0\n\n\t       Restitutions\t                                                          $0\n\n\t       Civil\t                                                                  1\n\n\t       Civil Declinations\t                                                     1\n\n\t       Amounts Recovered Through\n    \t   Investigative Efforts\t                                            $245,289\n\n\t       Total Agency Cost Savings Through\n\t       Investigative Efforts\t                                            $420,000\n\n\t       Total Administrative Referrals\t                                         0\n\n\t       Contractor Debarments\t                                                  0\n\n\t       Contractor Suspensions\t                                                 0\n\n\t       Contractor Other Actions\t                                               0\n\n\t       Employee Suspensions\t                                                   3\n\n\t       Employee Terminations\t                                                  1\n\n\t       Employee Warned/Other Actions\t                                          0\n\n\t       Other Law Enforcement Agency Referrals\t                                 0\n\n\n\n\n                                          Semiannual Report to Congress\n                                                            36\n\x0c\x0cOffice of Inspector General\n\n732 North Capitol Street, NW\nWashington, D.C. 20401\n\n202.512.0039\ninspectorgeneral@gpo.gov\nwww.gpo.gov/oig\n\nOIG Hotline 1.800.743.7574\n\x0c'